Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a type of computer security vulnerability found in applications with SQL databases. It enables attackers to apply malicious SQL commands to the database via user input. It can for example extract, alter or delete sensitive data.

The vulnerability is present when user input is concatenated directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitizing", e.g. by escaping quote characters). It happens primarily because of poorly written SQL handling code in client applications.

See the famous example, the Bobby Tables incident, and the community wiki answer to "How can I prevent SQL injection in PHP?"


3768 questions
1 vote, 5 answers

SQL Injection in .NET

Hi, I was wondering if anyone knew of some good websites detailing prevention of SQL injection for .NET web applications. Any resources would be greatly appreciated, thank you.
Oliver S
1 vote, 5 answers

Python cursor.execute() with MySQL UPDATE causes syntax error

Following this example, I am attempting to rewrite code that works with code that protects against SQL injection. Code that works: table = "led_status" field = "test_led" value = "FALSE" cursor.execute(("UPDATE %s SET %s = %s") % (table, field,…
Richard
1 vote, 1 answer

Is there a mechanism in SQL to escape a variable?

I will write a stored procedure in PostgreSQL which accepts a variable (my knowledge of SQL is close to zero, so I apologize if the question is obvious). Since this variable will be used verbatim in the call, I wanted to ensure that it is properly…
WoJ
1 vote, 2 answers

Can't reach temp table with using prepared statement for second time

I am using temporary tables inside my code in order to [some long sequence of reasons here] in SQL Server, Java. I was executing my SQL queries using the Statement object in Java. However, recently I decided to use PreparedStatement in order to avoid…
JollyRoger
1 vote, 2 answers

Is this a good approach for avoiding SQL injection?

Here in the company where I work, we have a support tool that, among other things, provides a page that allows the user to run SELECT queries. It should prevent the user from running UPDATE, INSERT, DELETE, DROP, etc. Besides that, every select statement…
1 vote, 1 answer

Create Blind SQL injection vulnerability

I am setting up a website with SQL injection vulnerabilities for testing purposes. However, I want to configure a blind SQL injection only. I have this PHP code:
Miguel.G
1 vote, 0 answers

Where does python3's requests module store the cookie

So, here is my problem: I want to test boolean-based blind SQL injection against a login form. I judge the correctness by the length of the response message, but after I log in, the cookie is saved and I'll always be logged in; I just…
1 vote, 1 answer

SQL injection for Dynamic where conditions in prepared statement

In my application we are collecting some user inputs from the UI and, based on those values, we are generating dynamic SQL with different 'Where' conditions to query data. It was found that that piece of code has an SQL injection flaw. I am not able to…
1 vote, 1 answer

Getting DB name in SQLInjection

I am studying SQL injection on some training web pages (so I don't know what the backend is). I am trying the following injection to get the DB type: (1) http://url/?departamento=1 union select user() This way, if the DB is MySQL, I should get some…
Miguel.G
1 vote, 2 answers

How can I prevent SQL injection with Groovy?

I have SQL like: String sql = """SELECT id, name, sex, age, bron_year, address, phone, state, comment, is_hbp, is_dm, is_cva, is_copd, is_chd, is_cancer, is_floating, is_poor, is_disability, is_mental FROM statistics_stin WHERE 1=1 ${p.team_num…
xunitc
1 vote, 1 answer

Column name in SQL query from request

I was given a task to rewrite an old web API. This API reads SQL queries from the database. There's literally a view with "Queries" in the name which contains a "SqlText" column: SELECT SqlText FROM Queries WHERE QueryID = 123 The "SqlText" contains…
Mirek
1 vote, 1 answer

Is escaping SQL queries like this safe?

I am currently working on a Node.js backend script for work that parses incoming HTTP requests to write to and read from a MySQL database. I tried to protect it against SQL injection by using a kind of two-layer protection. To write to the database…
Sv443
1 vote, 4 answers

Insert/update/delete multiple tables in a single SQL statement

When I use JMeter with a JDBC request on Oracle DB, it doesn't allow ; in the statement: "SQL query. Do not enter a trailing semi-colon." For example insert into a select '1' from dual; insert into b select '1' from dual will produce an exception (while…
Ori Marko
1 vote, 2 answers

String.Format and SQL requests

In my application I use String.Format() for the SQL like this: Dim strSQL As String = "SELECT X FROM MY_TABLE WHERE Y <> {0} AND Z = '{1}'" strSQL = String.Format(strSQL, otherObj.Y, myObj.Z) One day I did a global "stress" test using SQL…
serhio
1 vote, 4 answers

Inform potential clients about security vulnerabilities?

We have a lot of open discussions with potential clients, and they ask frequently about our level of technical expertise, including the scope of work for our current projects. The first thing I do in order to gauge the level of expertise on staff…
user4903